JCSwishMan33

Windstream Fun And Frolicking In DMS-100s

31 posts in this topic

So I've got my new Windstream service. I'm connecting to a DMS-100 Host, and I actually know where the CO is (1.36 miles straight-line distance, 1.7 by road)!

 

I haven't gotten a decent vintage phone yet (though I've got a call in on a 70's Northern Telecom 12-button touch tone), so I'm using a cordless. Bleh.

 

It's been interesting so far. It doesn't look like I have normal access to dial 1-NPA-0XX numbers; I get dropped to a CBCAD message after 8 digits, but I can confirm I have long distance (normal 1+ calls go through). Haven't tried 1XX yet, but I anticipate the same 'difficulties'.

 

I've tried various CIC / CAC codes, even with normal numbers (like my own)... Most get a CBCAD, buuuuut... A couple (AT&T and Sprint) give me an error revolving around not being able to reach the number with the carrier access code. So I probably have a restriction on my line? Probably a wrong feature group? Not sure.

 

Meanwhile, I was wondering if anyone knew of any 'interesting' things to try, specifically with DMS-100 Hosts, or maybe Windstream quirks in general?

Edited by JCSwishMan33

 

Think I'll keep this topic updated with odd things I find.

 

I remembered that 700-555-4141 could be used to find out your InterLATA carrier... Definitely Windstream. But is it normal to get a dial tone back after the message? Seems to be the one from the switch, so.


Just completed a handscan of the 99xx area of my local switch (440-353).

 

00-05, 07, 09-10, 12, 14-31, 33-68, 70-98 all go to what I'm assuming is the switch's NIS message. It's a pretty shoddy quality, sounds like it was done over the phone... But a couple seconds after the recording seems to click off, it sounds like an old, noisy trunk! Obviously it's part of the recording, but it sounded interesting.

 

Starting at 91 up, the ring into the NIS seems a little... Odd. It's very subtle, but after hitting so many NISes, my ears perked on it right away. Not frequency, but modulation?

 

06, 08, and 13 were ringouts. None seem connected.

 

11 was a business. The only confirmed live line on the hundred group.

 

32 is busy. I called several times during and after the scan, and it stays busy.

 

69 was a bit odd. The first 2 times I called it, the line acted like I hadn't given it enough numbers. After dialing, several seconds of silence, then a reorder. Every time after, it went to NIS. So I'm not sure if it was just a fluke the first 2 times, or maybe I tripped something.

 

99 is the fun line.

 

It goes to dialtone as soon as dialing is completed. 7D waits for a few seconds (I'm guessing listening for more numbers), but then drops to a busy signal. 10D actually completes out. CID sends the number you called 99 on, and respects a privacy bit if it was given on the initial call. If you dial *67 on the dialtone, it eventually gives a recall dialtone! 7D on that gives an immediate CBCAD... But 10D completes w / privacy bit, even if not used on the initial dial!

 

99 feels like one of those "paths to the toll network" Evan always talked about, because it doesn't complete anything short of 10D. But I'm sure there's a "thing" to it.


Sure! Here's the most obvious thing you can do; http://thoughtphreaker.omghax.ca/audio/anac_holdup.wav . If you know the number for ANAC, you can flash right as it's about to hang up, and if you come back at just the right time, it'll just ignore the trunk when it tries to go on-hook. If you want to try your hand at other things, or just don't know the number for ANAC (no worries, Windstream is fairly good at hiding stuff), it doesn't stop there. Sadly though, it doesn't - at least not to the best of my knowledge, apply to things with common channel signaling, like q.931 or SS7.


But yeah, let's start with something simple and common: POTS. It's a little simpler here; if you flash over, the other person can't! I wrote in a big post about this a few years ago; http://www.binrev.com/forums/index.php?/topic/46235-getting-to-the-bottom-of-a-dms-bug/
The most obvious question is if the switch still stops you from flashing when the other person hangs up, can you transfer to something that keeps you restricted like that? Better yet, without even heading down there, is there anything I can call that'll still keep that flashing restriction on?

 

I think this is the result of some sort of resource restriction. The switch was probably designed with the idea that you'd never need to put more than one DTMF receiver on a call. If flashing was implemented in some way that never completely disconnects you from your original phone call, it could be impossible to get a DTMF receiver allocated to the person on the other end, so since it can't do that, it just ignores you. With that in mind, though...

 

A. For whatever it's worth, things that need a digit receiver to work, like the integrated selective call forwarding IVR, won't let you flash, let alone let you use it on three-way. Though since on-hook calls won't let you flash either, that could be for other reasons.

B. That still doesn't explain why call waiting doesn't work.

C. If that's true, not letting the other person flash after you hang up was probably a stupid decision.

 

So obviously, the most effective use of this is to trip up something that needs to flash, like a centrex auto-attendant if you happen to have something like that on the same switch. The voicemail systems on a lot of ex-GTE switches also flash for transfers. But if you happen to live near any sort of power plant or anything, a lot of those places like to use ancient E&M trunks that, like the ANAC, use inband signaling and are probably wink-start if they exist. Someday I really want to figure out if they can be screwed with in a similar way.

 

Anyway, sorry for the tangent. That bug always gets me asking nature-of-the-universe-y sort of questions. So - next thing!

 

Quote

 

I remembered that 700-555-4141 could be used to find out your InterLATA carrier... Definitely Windstream. But is it normal to get a dial tone back after the message? Seems to be the one from the switch, so.

This is something I've actually been exploring a little more recently, because it happens in my neck of the woods a lot. There's some DMSes that'll reset you back to dialtone in pretty much any circumstance. There's only two I know that do that; the switch that serves the Houston/Bush Intercontinental Airport, and the one that serves Washington/Dulles International if I remember right; the last time I took a flight out of there was 2008. But anyway, there's certain SS7 cause codes that do that on a TON of DMSes. The most reliable numbers I've found that push that sort of thing back are 866-202-9985, or 800-WRI-GLEY (call it and choose any option that'll disconnect you; 5 will do this whenever the call center closes). The success rate for this depends on the switch. On some, it happens almost every time. Some, it's more like half or a third of the time. And others, well, never. But whenever it does, it can be your best friend against some piece of line restricting equipment - there's no battery drop or anything to signal that this is happening, other than a sudden increase in sidetone for a second. Some day, I want to find/make something that lets you end a call with any SS7 cause code you feel like to expose these sort of quirks.

 

Quote

 

It's been interesting so far. It doesn't look like I have normal access to dial 1-NPA-0XX numbers; I get dropped to a CBCAD message after 8 digits, but I can confirm I have long distance (normal 1+ calls go through). Haven't tried 1XX yet, but I anticipate the same 'difficulties'.

 

Did you try putting a CAC in front of it? Being able to dial 0xx traffic without one in front of it is a leprechaun level of rare.

 

Starting at 91 up, the ring into the NIS seems a little... Odd. It's very subtle, but after hitting so many NISes, my ears perked on it right away. Not frequency, but modulation?

 

Sounds normal to me. Were you trying to call it on three-way by any chance? That'll change up the ring, among other things, quite significantly; http://thoughtphreaker.omghax.ca/audio/dms_different_tones.flac

 

There's probably some regional bugs too. One thing I figured out by accident is that on any Pacific - and possibly Nevada Bell DMS-100, dialing * as the last three digits of a phone number (excluding a CAC; it has to be a destination) will make it suddenly stop in the middle of a partial dial recording and go to reorder. Or sometimes, it won't even get that far; if it stops in the middle of the SIT generation, you'll just hit dead silence.

 

This isn't necessarily a DMS-100 thing - actually, it's much more of a EWSD thing, but some DMS-100s will route you to the local operator when you dial 101-0110-0. I think local traffic can be originated on that CAC too.

 

In the way of features, there's a couple very nice ones to be on the lookout for; the first one is pretty self-explanatory - when you scan DMS-100s, you'll semi-frequently find dialtones that just come out of nowhere. These are generally being done directly in the switch via software. It looks like you've found one already, actually. The dialplans on these are anything but usual, so if they don't work, be sure to try prefix digits and whatnot. For example, try pressing nine. If it doesn't give you dialtone, press *, and at the new dialtone, try 8, 7, etcetera.

 

The next one is a little less obvious, but it's what we use to conf every night; the ringout bridge. I think it's a Centrex-specific feature, but sometimes you find it in non-centrex areas, like test ranges. Basically, it rings with normal DMS-100 ring; there's no way to distinguish it from any other DMS number that doesn't pick up. Then, when another person comes on, it'll go offhook, bridge you together, and use another ringback tone (from a different source, oddly enough) to let you know someone has joined. The limit on these is in software, but I think you can have up to 32 people in there.

 

Another quirk you'll occasionally find is the EDRAM announcements on the switch will occasionally play really briefly, stop, ring, and then play from the beginning. I dunno why, but they just do.

 

This post is sorta blowing out of control in size, but I'll edit it if I can think of anything else. In the meantime, one thing you might want to try is a CAC + #; so like, 101-0555# to get a dialtone from a toll switch. If you know your own CAC, that's probably the best use of it, since most carriers are reluctant to give you one unless you're subscribed to them. It looks like you might have the right circumstances to get a dialtone from 0288#. Try dialing some toll-free numbers on it.

Edited by ThoughtPhreaker

I will definitely look over some of the things you've mentioned when I get home from work, because a lot of it could be interesting... And I don't mind toying around in the name of 'research'. ;)

 

Did want to hit some of the things you asked about, though.

 

59 minutes ago, ThoughtPhreaker said:

Did you try putting a CAC in front of it? Being able to dial 0xx traffic without one in front of it is a leprechaun level of rare.

 

I want to say yes, I did try some CACs in front of these. I know I tried some normal CAC calls for sure (which didn't work, per se), but I'll have to see about 0xx and 1xx. To be determined, we shall say.

 

Quote

Sounds normal to me. Were you trying to call it on three-way by any chance? That'll change up the ring, among other things, quite significantly; http://thoughtphreaker.omghax.ca/audio/dms_different_tones.flac

 

I want to say "no" on this? However it's not impossible. I was dialing through things pretty fast, and I think I was tinkering around with the "flash time" on my handset during the course of the scan.

 

Yes, I can actually change the delay time on my flashes on my digital handset. Found that 80ms didn't do anything, but 100ms was just enough to actually count.

 

Quote

In the way of features, there's a couple very nice ones to be on the lookout for; the first one is pretty self-explanatory - when you scan DMS-100s, you'll semi-frequently find dialtones that just come out of nowhere. These are generally being done directly in the switch via software. It looks like you've found one already, actually. The dialplans on these are anything but usual, so if they don't work, be sure to try prefix digits and whatnot. For example, try pressing nine. If it doesn't give you dialtone, press *, and at the new dialtone, try 8, 7, etcetera.

 

Oddly enough, I didn't think about treating that dialtone like a 'PBX' line (i.e. dial 9 to 'get out'). I'll try that for sure. I know I found the *67 thing, so I'll have to try some others.

 

Quote

The next one is a little less obvious, but it's what we use to conf every night; the ringout bridge. I think it's a Centrex-specific feature, but sometimes you find it in non-centrex areas, like test ranges. Basically, it rings with normal DMS-100 ring; there's no way to distinguish it from any other DMS number that doesn't pick up. Then, when another person comes on, it'll go offhook, bridge you together, and use another ringback tone (from a different source, oddly enough) to let you know someone has joined. The limit on these is in software, but I think you can have up to 32 people in there.

 

This I'd actually thought about in the 3 ringouts I found in the hundred group. They were definitely not bridged... I tried being on one of the numbers, then calling another. Both would just ring out, but it seemed like one ring was 'shorter' than the other? I.e. it seemed like the rings would come slowly into phase, then slowly out of phase in timing. But maybe that was just me, too.

 

Quote

This post is sorta blowing out of control in size, but I'll edit it if I can think of anything else. In the meantime, one thing you might want to try is a CAC + #; so like, 101-0555# to get a dialtone from a toll switch. If you know your own CAC, that's probably the best use of it, since most carriers are reluctant to give you one unless you're subscribed to them. It looks like you might have the right circumstances to get a dialtone from 0288#. Try dialing some toll-free numbers on it.

 

Now that sounds like an easier way to see if I can get at any CACs. Heh. I'll have to find mine first.


So some follow-ups:

 

0xx codes don't seem to fly, even with the CACs in front. I feel like I'm sitting behind some sort of restriction(s), but can't confirm.

 

Windstream's CAC + # puts me through a series of menus like the old 1-800-CALL-ATT (including collect and operator options)... Oddly enough, you were right about AT&T's CAC + # giving me a dialtone that I can make calls out on. Just for shits and grins, I tried 101-0555#... A high tone dialtone? Did I hear that right? Heh.

 

9999... So dialing any single number on the dialtone just breaks the tone.

 

Still going to be trying things... Deciding if I want to sleep now though. Heh. Will edit as I find more.




but it's what we use to conf every night; the ringout bridge. Basically, it rings with normal DMS-100 ring; there's no way to distinguish it from any other DMS number that doesn't pick up. Then, when another person comes on, it'll go offhook, bridge you together, and use another ringback tone (from a different source, oddly enough) to let you know someone has joined





Yeah, I was going to say that. Those few ringouts in your earlier scan? Call them on your cell phone, if you have one, while you have them on your wireline. (So for example get 06 up on the wireline then call into it on the cell.) If it stops ringing and you can talk through it, there's your conf.

Has the "Not Lady" spoken to you yet? She speaks many truths and knows of which she speaks, so to speak.





right circumstances to get a dialtone from 0288#





I keep reading about that, is this an expected behavior for 288#? Every time I've tried it on my 5E it throws up a Pat Fleet CBCAD. 555# works as expected.

8 hours ago, scratchytcarrier said:

Yeah, I was going to say that. Those few ringouts in your earlier scan? Call them on your cell phone, if you have one, while you have them on your wireline. (So for example get 06 up on the wireline then call into it on the cell.) If it stops ringing and you can talk through it, there's your conf.

 

That's exactly what I did, as a matter of fact: Had my cell phone on one, and called in on the wireline on another. Neither would break the ring on any combination of the numbers.

 

8 hours ago, scratchytcarrier said:

Has the "Not Lady" spoken to you yet? She speaks many truths and knows of which she speaks, so to speak.

 

As in "Not in service" and "can Not be dialed..."? If so, yes. Many times. :D


I keep reading about that, is this an expected behavior for 288#? Every time I've tried it on my 5E it throws up a Pat Fleet CBCAD.

 

If you home on a 5ESS for AT&T toll traffic then it should be, but that isn't always necessarily true; I don't think 206-9L cooperates with this sort of activity for some reason. In any case, 503-9L and 253-9L are DMS-250s, the latter of which is mostly just available from GTE areas. In any case, I couldn't get either of them to work. If you'd like to hear what it's like though, that dialtone JCSwishman found will let you call it there.

 

Just for shits and grins, I tried 101-0555#... A high tone dialtone? Did I hear that right? Heh.

 

400 hertz - not 480, but yeah. That goes to a Worldcom DMS-250 using something similar to get you it; notice if you press *, you still get dialtone back. In order to do anything interesting though, you'll need an authorization code.

 

As in "Not in service" and "can Not be dialed..."? If so, yes. Many times.

 

I think he means this lady specifically: 702-310-0042.

15 minutes ago, ThoughtPhreaker said:

I think he means this lady specifically: 702-310-0042.

 

Hah, okay... I see what he means. :) I've NOT gotten her on my switch, I don't think. I've heard her before, but not on the switch I'm in.

 

BTW, single-tone reorder? Niiiiice.


So you've got me all curious here now; that DISA on your switch - since the DMS is pulling up a digit receiver and stuff, can you still flash while you're sitting at that dialtone? It definitely supes, so there should theoretically not be any excuse for it not to.

1 minute ago, ThoughtPhreaker said:

So you've got me all curious here now; that DISA on your switch - since the DMS is pulling up a digit receiver and stuff, can you still flash while you're sitting at that dialtone? It definitely supes, so there should theoretically not be any excuse for it not to.

 

Straight flash (i.e. to try to get 3-way off the dialtone), or hook-switch dialing?


Hook-switch dialing is a no-go right now, seeing as I only have the cordless at the moment.

 

I believe a straight flash was handled as normal. I'll check again. Was there a particular flash timing you wanted tested? I can set my phone to spit out quite a few. :D


So I'm still futzing with this Windstream line (and fighting with them about my bill... Charged me a full month for a half-month's worth of dial tone, AND charged me more than quoted for the next month!), and I've got a few plans brewing for some medium- to long-term research:

 

- Plan on getting some sort of audio recording setup done. I might be able to do a 2.5mm to 3.5mm from the cordless phone's headset jack to my laptop's Mic In... Seems simple enough. Which means it probably isn't.

- I'm going to nab a CIC / CAC list, and start floating through it... See which ones I can actually go through (either directly or indirectly).

- Still going to attempt to get to 0xx (and maybe 1xx) codes, most likely using the CIC / CAC list from above.

- "Old switch rundown"... I know we're focusing on the 1As (as very likely the last electromechanical switch in existence), but I'm curious to see if there are any other vintage switches lurking around out there. So I'll be poring through the LERGs and CLLI lists to see if anything else is hiding on us.

 


Plan on getting some sort of audio recording setup done. I might be able to do a 2.5mm to 3.5mm from the cordless phone's headset jack to my laptop's Mic In... Seems simple enough. Which means it probably isn't.



It's simple but probably won't work very well. An inter box (line tap) on the line would be far easier to set up (unpack, plug in, set volume level on laptop) and probably yield better audio quality. Also wouldn't pick up interference off the handset's transmitter. When I tried making recordings off the jack in my mom's 900 MHz Panasonic cordless (okay, this was a while ago) I would always hear this constant ~450 Hz hum in the background that I wouldn't get on a direct line tap, and usually not very far in the background. Also beware because your fone might supply phantom voltage (DC bias) on the microphone terminal to drive an electret or condenser pickup, which could mess up your sound chipset if it's high enough.

https://www.amazon.com/RadioShack-Recorder-Controller-Single-43-421/dp/B0141NMCFW

but I'm curious to see if there are any other vintage switches lurking around out there



+1 805 741-2600

https://www.youtube.com/watch?v=wRQWhmDxPGY

You'll hear a dial tone, and then you may dial two digits to reach extensions or trunks. 11 or 15 are the switchroom, 12 answers into an audio coupler that usually has local radio on it, 8 is a trunk to the host digital PBX. It is available 24 hours a day. This system is also connected to CNET (Collectors Network), home of many fascinating "live" switches from days gone by. We are connected to the PSTN via Asterisk, an EON millenium PBX that "speaks" to the XY over analog E&M trunks. From CNET Dial 1958-17XX.

2 minutes ago, scratchytcarrier said:

An inter box (line tap) on the line would be far easier to set up (unpack, plug in, set volume level on laptop) and probably yield better audio quality. Also wouldn't pick up interference off the handset's transmitter. When I tried making recordings off the jack in my mom's 900 MHz Panasonic cordless (okay, this was a while ago) I would always get this constant ~450 Hz hum in the background that I wouldn't hear on a direct line tap, and usually not very far in the background.

 

The line tap makes perfect sense... And if I get Windstream to figure out WTF is wrong with the jack in my bedroom (where I usually keep the laptop), I'd prefer to do that. But that'd require them getting their heads out of their asses about my service credit and the normal pricing of the line... If all of their shenanigans get too stupid, I'm probably not going to keep the line.

 

As it is, I have to plug the base unit in downstairs, then have an extension handset upstairs. Not ideal, but I'm trying. Heh.


You could also run an extension cord with a coupler on it, just be sure to choke the hell out of it if it's long enough and you live in an area with lots of RF interference. (Being a couple miles away from a 50000-watt AM station certainly wouldn't help.)

I also wouldn't bother with having the phone company service the wiring inside the house. The outside plant from the demarc/TNI out to the CO is their responsibility, but between the demarc and the phone is the customer's responsibility (long story, became that way as a result of divestiture). You can get a much more reliable hookup with better quality components on a DIY job anyways and the job'll get done right. Worst case scenario, you'd probably have to pull a new cable up to the bedroom.

Edited by scratchytcarrier
10 minutes ago, scratchytcarrier said:

I also wouldn't bother with having the phone company service the wiring inside the house. The outside plant from the demarc/TNI out to the CO is their responsibility, but between the demarc and the phone is the customer's responsibility. You can probably get a much more reliable hookup with better quality components on a DIY job anyways (and the job'll get done right). Worst case scenario, you'd probably have to pull a new cable up to the bedroom.

 

So if I wanted to be so bold and check the wiring up to the wall jack that doesn't work, what all will I need (besides the obvious screwdriver to get the wall plate off)?

Quote

 

So I'm still futzing with this Windstream line (and fighting with them about my bill... Charged me a full month for a half-month's worth of dial tone, AND charged me more than quoted for the next month!), and I've got a few plans brewing for some medium- to long-term research:

 

Bleah, I hope everything goes well with that >.< . I don't have to tell you telcos and billing aren't a happy combination.

 

Quote

 

- I'm going to nab a CIC / CAC list, and start floating through it... See which ones I can actually go through (either directly or indirectly).

 

https://www.nationalnanpa.com/enas/formCICDMasterReport.do

And here's some 950s if you're into them: https://www.nationalnanpa.com/enas/formCICBMasterReport.do

 

Quote

 

- Still going to attempt to get to 0xx (and maybe 1xx) codes, most likely using the CIC / CAC list from above.

 

I've got something like this lying around. It's got a few years on it, but I'll see what I can do to get it exported.

 

Quote

 

- "Old switch rundown"... I know we're focusing on the 1As (as very likely the last electromechanical switch in existence), but I'm curious to see if there are any other vintage switches lurking around out there. So I'll be poring through the LERGs and CLLI lists to see if anything else is hiding on us.

 

I think eastern Europe is your best bet for that, but there's some weird, clicky switch that usually comes into play on AT&T calls to places like Germany (if you don't want to pay for a call to Germany, UIFNs are a perfectly valid option here). I never bothered to look into that, but in retrospect, probably should. My money is on it being a PRX-A or something. I'll update this post in a bit hopefully with a number that can terminate through that, and a recording of an electromechanical switch to boot.

 

Quote

 

Plan on getting some sort of audio recording setup done.

 

I've been avoiding this method recently since the cheap 2500 clone I've taken to using has a noisy amplifier in it (most phones not so much), but the cheapest and easiest way to get good sound is to cut an old handset cord in half, and wire the earpiece output into a 1/8" jack for a recorder. Optionally, you might want to consider putting an isolation transformer in the circuit if you're planning on recording with anything that gets AC power, and put a varistor equivalent (the ITT clone I have just uses some generic current limiting diode) across the two leads to even out the big spikes from battery drops and stuff. It's not essential, but it makes recording a lot less annoying. One more thing; don't plug it into a Trimline, or anything like it with a keypad in the handset. Those push out line voltages to drive the DTMF IC.

 

Anyway, the quality you get from a circuit like that depends on the quality of your line card's output and the network in your phone. WECo phones most notably, while they tend to be pretty good, do add a significant bump EQ-wise around 1 KHz, and eliminate the very low frequencies. If you're lucky enough to be served out of a really nice channel bank like the one scratchytcarrier is on, they will transmit that sort of thing, but most tend not to. Here's what a WECo phone sounds like on one of those compared to an ISDN circuit.

 

http://thoughtphreaker.omghax.ca/audio/410844_420.flac

http://thoughtphreaker.omghax.ca/audio/410844_isdn.flac

 

The line card actually has less noise than the weird chain of stuff I recorded the ISDN output from (Telos Zephyr -> Axia Livewire node -> headphone out on some Fostex monitor doohickey). This is partly because the output from the one I was on was unnaturally loud; if you called, say, 800-CALL-ATT from that line, the audio logo almost makes you want to move your ear away from the phone.

Edited by ThoughtPhreaker
9 minutes ago, ThoughtPhreaker said:

Bleah, I hope everything goes well with that >.< . I don't have to tell you telcos and billing aren't a happy combination.

 

Well, I managed to get a small service credit for the time I was without dial tone, and an explanation of why my next month was higher (I did technically make a directory assistance call... And don't complete an actual call with 1010288... Almost $3 for a suped call). So I'm counting it as a win, and will try to make arrangements to keep the line active.

 

9 minutes ago, ThoughtPhreaker said:

And here's some 950s if you're into them: https://www.nationalnanpa.com/enas/formCICBMasterReport.do

 

Care to explain the 950s to me? I have a vague recollection of them, but not good enough to completely grasp.

 

9 minutes ago, ThoughtPhreaker said:

I've got something like this lying around. It's got a few years on it, but I'll see what I can do to get it exported.

 

Last I knew, 208-038 (Frontier Directory Assistance) still worked... So I figure if I can get through to that on someone's LD network (I have yet to try Frontier's own CIC through Windstream...), there's a chance to try others through it.

 

9 minutes ago, ThoughtPhreaker said:

I think eastern Europe is your best bet for that, but there's some weird, clicky switch that usually comes into play on AT&T calls to places like Germany (if you don't want to pay for a call to Germany, UIFNs are a perfectly valid option here). I never bothered to look into that, but in retrospect, probably should. My money is on it being a PRX-A or something. I'll update this post in a bit hopefully with a number that can terminate through that, and a recording of an electromechanical switch to boot.

 

Yes. UIFNs would be my preferred option. Heh. If you've got a few for a few different locales, I'd love to hear them 'live'.

 

Seem to have found an official UIFN DB? Not sure how to read it just yet, but this might be useful: http://www.itu.int/en/ITU-T/inr/unum/Pages/uifndb.aspx

 

9 minutes ago, ThoughtPhreaker said:

I've been avoiding this method recently since the cheap 2500 clone I've taken to using has a noisy amplifier in it (most phones not so much), but the cheapest and easiest way to get good sound is to cut an old handset cord in half, and wire the earpiece output into a 1/8" jack for a recorder. Optionally, you might want to consider putting an isolation transformer in the circuit if you're planning on recording with anything that gets AC power, and put a varistor equivalent (the ITT clone I have just uses some generic current limiting diode) across the two leads to even out the big spikes from battery drops and stuff. It's not essential, but it makes recording a lot less annoying. One more thing; don't plug it into a Trimline, or anything like it with a keypad in the handset. Those push out line voltages to drive the DTMF IC.

 

Anyway, the quality you get from a circuit like that depends on the quality of your line card's output and the network in your phone. WECo phones most notably, while they tend to be pretty good, do add a significant bump EQ-wise around 1 kHz, and eliminate the very low frequencies. If you're lucky enough to be served out of a really nice channel bank like the one scratchytcarrier is on, they will transmit that sort of thing, but most tend not to. Here's what a WECo phone sounds like on one of those compared to an ISDN circuit.

 

http://thoughtphreaker.omghax.ca/audio/410844_420.flac

http://thoughtphreaker.omghax.ca/audio/410844_isdn.flac

 

The line card actually has less noise than the weird chain of stuff I recorded the ISDN output from (Telos Zephyr -> Axia Livewire node -> headphone out on some Fostex monitor doohickey). This is partly because the output from the one I was on was unnaturally loud; if you called, say, 800-CALL-ATT from that line, the audio logo almost makes you want to move your ear away from the phone.

 

So to my ear, I'd rather have the ISDN. You seem to get more fidelity, especially in the higher frequencies. The supe seems to have more clarity, and you can hear more on the trunk. Both let the tone come through WAY too loud; much cringe when it plays. Heh.

 

The first thing I'll probably do is scratchy's suggestion of a line tap (once I get the upstairs jack working), just to get something set. If I find myself needing something more robust (which I could see, if I find interesting things), I'll be pinging you more. :D


Also added to the list, as more of a "Stupid Phone Trick":

 

Stacking DISAs. Just because I can (likely?) do it.

 

EDIT: And... DMS-100 DISAs don't seem to stack. Dialing one from another just results in a busy signal.

 

HOWEVER... I found that my switch's DISA allows 1010288# ... Which allows me to dial... My switch's DISA! That also allows 1010288#... And I can dial my DISA again, but on this one it drops to reorder after just a few seconds. From the noise on the line (or lack thereof) when it cuts back to reorder, it seems like it's the local switch. So... That's interesting.

 

And the more interesting thing is that other DISAs (like the ones TP just posted) will NOT allow 1010288#... I either get a reorder, or the "Not" Lady.

Edited by JCSwishMan33

On 11/22/2016 at 2:30 PM, scratchytcarrier said:

+1 805 741-2600

 

While this is awesome, I couldn't get it to do much. Does this guy have a phone directory, so I know how to dial on the network? :D

Quote

 

Care to explain the 950s to me? I have a vague recollection of them, but not good enough to completely grasp.

 

Basically, they're like feature group D access codes, but designed as sort of a workaround; they're specifically seven digits so they could work from step offices and such back when equal access first became a thing.

 

Quote

 

HOWEVER... I found that my switch's DISA allows 1010288# ... Which allows me to dial... My switch's DISA! That also allows 1010288#... And I can dial my DISA again, but on this one it drops to reorder after just a few seconds. From the noise on the line (or lack thereof) when it cuts back to reorder, it seems like it's the local switch. So... That's interesting.

 

You're playing with fire there. Racking up toll charges on things that aren't yours is a good way to piss off whoever owns it. Especially if you're casual dialing traffic on a CAC they're not necessarily subscribed to. That being said, I got to stack up calls between local trunks on a couple different switches before. If you can get around the loop detection algorithm (usually just a pause of a few seconds works. In Qwest territory, there's an IVR that makes you press 1 to tell it you're not a telemarketer. This works probably a lot better for this than they intended), you should be able to stack effectively as much as you'd like. But it's really hard to get a lot of degradation on good trunks.

 

Quote

 

So to my ear, I'd rather have the ISDN. You seem to get more fidelity, especially in the higher frequencies. The supe seems to have more clarity, and you can hear more on the trunk. Both let the tone come through WAY too loud; much cringe when it plays. Heh.

 

Yeah, it simplifies the recording hardware too, since you can just send the PCM stream from whatever is receiving it to a hard drive or something, and be assured you're getting an exact copy of what's coming over the network. The problem is some LECs charge non-sane prices for BRIs (like, $400 or something in AT&T territory; you can get a whole PRI for cheaper in some cases). The reason they can get away with this is it's a niche service that broadcasters and voiceover types love; a good chunk of sports broadcasts/commercial voiceovers/occasionally radio interviews/etc, since there's boxes (like the Zephyr I talked about earlier) that'll haul MP3/AAC/etc over the B channels.

 

With no ISDN though, you can still compromise and just three-way stuff into a voicemail box that lets you download messages if they don't muck it up with any sort of processing; http://thoughtphreaker.omghax.ca/audio/33-9693-67000.wav . Finding one that's just right can be tough, though - that particular one was from K7 back when it was still a thing. I'm still trying to find something like it.

 

And don't complete an actual call with 1010288... Almost $3 for a suped call

 

Ooh, nasty >.< . Yeah, some providers really nail you for calls without a subscription. Usually if it's just a one minute call, you can just act all confused and they'll tell you to tear up the bill. This usually winds up with you getting blocked (you can still dial 101-0288-0) though.

Edited by ThoughtPhreaker

4 hours ago, ThoughtPhreaker said:

Basically, they're like feature group D access codes, but designed as sort of a workaround; they're specifically seven digits so they could work from step offices and such back when equal access first became a thing.

 

So is it basically a 950-xxxx, and it gives you a second dial tone to dial off of (if they're not restricted)?

 

4 hours ago, ThoughtPhreaker said:

You're playing with fire there. Racking up toll charges on things that aren't yours is a good way to piss off whoever owns it. Especially if you're casual dialing traffic on a CAC they're not necessarily subscribed to. That being said, I got to stack up calls between local trunks on a couple different switches before. If you can get around the loop detection algorithm (usually just a pause of a few seconds works. In Qwest territory, there's an IVR that makes you press 1 to tell it you're not a telemarketer. This works probably a lot better for this than they intended), you should be able to stack effectively as much as you'd like. But it's really hard to get a lot of degradation on good trunks.

 

Yeah, it's not something I intend on messing with much. It was more of a 'gee-whiz' thing I found. I was disappointed that the DISAs just wouldn't stack by themselves... But I think I might just start poking around at the local switches, keep in mind the loop detection, and see what I can find. The degradation with what I was doing wasn't massive, but it was enough to tell me I was doing things.

 

4 hours ago, ThoughtPhreaker said:

Yeah, it simplifies the recording hardware too, since you can just send the PCM stream from whatever is receiving it to a hard drive or something, and be assured you're getting an exact copy of what's coming over the network. The problem is some LECs charge non-sane prices for BRIs (like, $400 or something in AT&T territory; you can get a whole PRI for cheaper in some cases). The reason they can get away with this is it's a niche service that broadcasters and voiceover types love; a good chunk of sports broadcasts/commercial voiceovers/occasionally radio interviews/etc, since there's boxes (like the Zephyr I talked about earlier) that'll haul MP3/AAC/etc over the B channels.

 

With no ISDN though, you can still compromise and just three-way stuff into a voicemail box that lets you download messages if they don't muck it up with any sort of processing; http://thoughtphreaker.omghax.ca/audio/33-9693-67000.wav . Finding one that's just right can be tough, though - that particular one was from K7 back when it was still a thing. I'm still trying to find something like it.

 

Hmmm... Now I hadn't thought of the 3-way idea. It might do for a 'quick and dirty til I can get something better' idea... Just have to see if my Windstream line is set for 3-way calling. I don't -think- it is, but I got some indications when I was doing some testing with flashing that it might be. To be determined.

 

4 hours ago, ThoughtPhreaker said:

Ooh, nasty >.< . Yeah, some providers really nail you for calls without a subscription. Usually if it's just a one minute call, you can just act all confused and they'll tell you to tear up the bill. This usually winds up with you getting blocked (you can still dial 101-0288-0) though.

 

I'll accept the goofs I make. It's more research in my cap, so I can refine my techniques. Plus, it may or may not have been a DA call... I have to look at the bill again. Heh.

 

The thing I have to figure out is how Windstream counts their time, since I'm on a 100-minute LD plan. From the bill, it was hard to tell if it was timed on supe, or timed on placing the call... Because I swear some numbers -didn't- supe, but I still got a 1 minute ding on them. So we'll see.
